WordPress.org

Ready to get started?Download WordPress

Forums

NextGEN Gallery
swfupload Cross-Site Scripting Vulnerability (1 post)

  1. tconner
    Member
    Posted 1 year ago #

    I have been getting alerts over the last few days about Nextgen Gallery having a security vulnerability. According to this site:

    A vulnerability has been discovered in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
    The vulnerability is caused due to a bundled vulnerable version of swfupload.

    You can see more about it here:
    http://secunia.com/advisories/51271/
    However, these warnings were posted only a day after 11/13/12, when a new update of NextGen Gallery was released (see here). According to the changelog:

    Removed bundled version of swfupload

    So why are these alerts appearing now, after the bundled version of swfupload was supposedly removed?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic